Looks good. Thanks!
> >> The ssh client prefers ECDSA host keys over DSA keys so I don't think > >> this > >> is a big deal. But we could have an option to enable/disable generation > >> of > >> DSA keys. > > > > I'd keep the path to the host keys configurable, maybe bump key sizes a > > little. > Okay, I've now pushed a commit that does this > (9771f0c96c87cf03519033df408ca309696a9469). It enables both ECDSA and DSA, > but you can turn off the DSA key by saying: > > services.openssh.hostKeys = > [ { path = "/etc/ssh/ssh_host_ecdsa_key"; > type = "ecdsa"; > bits = 521; > } > ]; > > If desired, we could also enable an RSA key by default. _______________________________________________ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev